Zurich Insurance, SocGen Fall Foul Of The UK FSA

by Jason Gorringe, Tax-News.com, London

31 August 2010

The Financial Services Authority (FSA) has announced the imposition of a record fine, of GBP2,275,000, on the UK branch of Zurich Insurance Plc (Zurich UK) for failing to have adequate systems and controls in place to prevent the loss of customers’ confidential information. The fine is the highest levied to date on a single firm for data security failings.

The failings came to light following the loss of 46,000 customers’ personal details, including identity details, and in some cases bank account and credit card information, details about insured assets and security arrangements. The loss could have led to serious financial detriment for customers and even exposed them to the risk of burglary. Zurich UK told the FSA that it had seen no evidence to suggest that the personal data was compromised or misused.

Zurich UK outsourced the processing of some of its general insurance customer data to Zurich Insurance Company South Africa Limited (Zurich SA). In August 2008, Zurich SA lost an unencrypted back-up tape during a routine transfer to a data storage centre. As there were no proper reporting lines in place, Zurich UK did not learn of the incident until a year later.

According to the FSA, “Zurich UK failed to take reasonable care to ensure it had effective systems and controls to manage the risks relating to the security of customer data resulting from the outsourcing arrangement.” The firm also failed to ensure that it had effective systems and controls to prevent the lost data being used for financial crime.

Commenting on the enforcement action, Margaret Cole, the FSA’s director of enforcement and financial crime, said:

“Zurich UK let its customers down badly. It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA. To make matters worse, Zurich UK was oblivious to the data loss incident until a year later.”

“Firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK has made.”

As Zurich UK agreed to settle at an early stage of the investigation, the firm qualified for a 30% discount. Without this discount the firm would have been fined GBP3.25m.

The Financial Services Authority has also, in a separate case, fined the London branch of Société Générale (SocGen) GBP1,575,000 for failing to provide accurate transaction reports to the FSA. The Authority said the fine “reflects the seriousness of SocGen’s failure to submit accurate reports for approximately 80% of its reportable transactions, across all of its asset classes, for a period of over two years.”

Explaining the imposition of the fine, the FSA added: “Firms are required to ensure they submit data for reportable transactions by close of business the day after a trade is executed. The FSA uses this data to detect and investigate suspected market abuse including insider trading and market manipulation.”

“SocGen also breached FSA rules by failing to retain and have available all relevant transaction reporting data.”

“Firms must keep all data related to financial transactions and make it available to the FSA for at least five years.”

Between November 2007 and February 2010, SocGen either failed to report, or inaccurately reported, 18.8 million of its 23.5 million reportable transactions. These breaches occurred despite the FSA sending repeated reminders to firms of their obligations to provide accurate data and of the importance of compliance with the FSA rules on transaction reporting.

Margaret Cole said of the case:

“This is the sixth case in the last year where we have taken action against a firm for failures to make accurate transaction reports. We will continue to monitor the quality of firm reporting and we are committed to taking action where necessary to ensure firms comply with their reporting obligations.”

“SocGen failed to accurately report a very high proportion of its transactions for a significant length of time. This failure is a serious breach of our rules as it can have a damaging impact on our ability to detect and investigate suspected market abuse.”

“Firms and their management must ensure they submit quality transaction reporting data and we encourage all firms to review the integrity of this data on a regular basis.”

The firm has taken a number of steps to address the concerns raised, including commissioning a formal review of its transaction reporting process and committing resources to improve its processes and resolve the errors, the FSA said. Again, SocGen agreed to settle with the FSA and received a 30% discount.

This is the sixth fine the FSA has issued since August 2009 in relation to firms failing to provide accurate transaction reports. On August 19, 2009, the FSA fined Barclays; on April 8, 2010, it fined Credit Suisse, Getco Europe Limited and Instinet Europe Limited; and on April 27, 2010, it fined Commerzbank AG.
